-
-
Save petrpavlik/2dbbeab7e9902e63b62aa66957f8a5d8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ================================ | |
# Build image | |
# ================================ | |
FROM swift:5.10-jammy as build | |
# Install OS updates | |
RUN export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ | |
&& apt-get -q update \ | |
&& apt-get -q dist-upgrade -y \ | |
&& apt-get install -y libjemalloc-dev | |
# Set up a build area | |
WORKDIR /build | |
# First just resolve dependencies. | |
# This creates a cached layer that can be reused | |
# as long as your Package.swift/Package.resolved | |
# files do not change. | |
COPY ./Package.* ./ | |
RUN swift package resolve --skip-update \ | |
$([ -f ./Package.resolved ] && echo "--force-resolved-versions" || true) | |
# Copy entire repo into container | |
COPY . . | |
# Build everything, with optimizations, with static linking, and using jemalloc | |
# N.B.: The static version of jemalloc is incompatible with the static Swift runtime. | |
RUN swift build -c release \ | |
--static-swift-stdlib \ | |
-Xlinker -ljemalloc | |
# Switch to the staging area | |
WORKDIR /staging | |
# Copy main executable to staging area | |
RUN cp "$(swift build --package-path /build -c release --show-bin-path)/App" ./ | |
# Copy static swift backtracer binary to staging area | |
RUN cp "/usr/libexec/swift/linux/swift-backtrace-static" ./ | |
# Copy resources bundled by SPM to staging area | |
RUN find -L "$(swift build --package-path /build -c release --show-bin-path)/" -regex '.*\.resources$' -exec cp -Ra {} ./ \; | |
# Copy any resources from the public directory and views directory if the directories exist | |
# Ensure that by default, neither the directory nor any of its contents are writable. | |
RUN [ -d /build/Public ] && { mv /build/Public ./Public && chmod -R a-w ./Public; } || true | |
RUN [ -d /build/Resources ] && { mv /build/Resources ./Resources && chmod -R a-w ./Resources; } || true | |
# ================================ | |
# Run image | |
# ================================ | |
FROM ubuntu:jammy | |
# Make sure all system packages are up to date, and install only essential packages. | |
RUN export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ | |
&& apt-get -q update \ | |
&& apt-get -q dist-upgrade -y \ | |
&& apt-get -q install -y \ | |
libjemalloc2 \ | |
ca-certificates \ | |
tzdata \ | |
# If your app or its dependencies import FoundationNetworking, also install `libcurl4`. | |
# libcurl4 \ | |
# If your app or its dependencies import FoundationXML, also install `libxml2`. | |
# libxml2 \ | |
&& rm -r /var/lib/apt/lists/* | |
# Create a vapor user and group with /app as its home directory | |
RUN useradd --user-group --create-home --system --skel /dev/null --home-dir /app vapor | |
# Switch to the new home directory | |
WORKDIR /app | |
# Copy built executable and any staged resources from builder | |
COPY --from=build --chown=vapor:vapor /staging /app | |
# Provide configuration needed by the built-in crash reporter and some sensible default behaviors. | |
ENV SWIFT_BACKTRACE=enable=yes,sanitize=yes,threads=all,images=all,interactive=no,swift-backtrace=./swift-backtrace-static | |
# Ensure all further commands run as the vapor user | |
USER vapor:vapor | |
# Let Docker bind to port 8080 | |
EXPOSE 8080 | |
# Start the Vapor service when the image is run, default to listening on 8080 in production environment | |
ENTRYPOINT ["./App"] | |
CMD ["serve", "--env", "production", "--hostname", "0.0.0.0", "--port", "8080"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment